The Business Case for ESG Risk Assessment

Karen Baum


October 9, 2023


Risk and business continuity professionals undertake a serious responsibility ensuring businesses stay up and running in the event of innumerable internal and external disasters that could disrupt operations. To fulfill their responsibility to stakeholders, shareholders and customers, these professionals must carefully and comprehensively evaluate the full range of risks facing their businesses. To date, business continuity planning has codified approaches to navigating all kinds of disruptions, from product failures to supply chain breakdowns to economic volatility. But the risk environment is ever changing, and business continuity professionals should increase focus on environmental, social and governance (ESG) risks.

ESG risks encompass a broad range of challenges, from climate disasters to public health crises to shareholder activism. As demands for social responsibility grow, natural disasters increase in severity and frequency, and the regulatory environment evolves, ESG risks will only become more prevalent and disruptive.

To protect their business and create long-term, sustainable value, risk and business continuity professionals should include ESG risks in their materiality assessments, forecasting and planning. A business continuity plan that fails to account for these risks is incomplete and could leave the organization vulnerable.

Redefining ESG and Business Continuity

Traditionally, companies have not considered ESG risks in their risk assessment exercises, initiatives or strategies. Given the steady increase in awareness of ESG risks, more organizations are beginning to integrate ESG risks into their core business continuity and broader enterprise risk management strategies and plans.

Despite prevailing attitudes, every organization has some degree of ESG risk exposure. For example, depending on your organization’s location, you may need to prepare for environmental risks such as hurricanes, tornadoes, floods, fires, earthquakes or blizzards. In addition to creating a disaster plan to keep employees safe during a natural disaster or severe weather event, a business must have a robust plan to keep essential functions running, such as rerouting shipments to other facilities, digitizing files to mitigate the risk of permanent data loss, or proactively working with lenders to revise loan covenants in case liquidity is impacted.

ESG risks like data breaches, public health crises and extreme weather have proven to be financially material to businesses of all sizes and industries. For example, the average cost of a data breach in the United States is $9.44 million, according to IBM. In the case of a Uyghur Forced Labor Prevention Act (UFLPA) violation, the U.S. Customs and Border Protection (CBP) can impose civil fines extending up to the full domestic value of the merchandise on imports. And in terms of climate disasters, the National Centers for Environmental Information reports that the United States has experienced 348 weather and climate disasters since 1980, the total costs of which exceeded $2.51 trillion.

As these examples show, it makes good business sense to consider the full scope of ESG risks in business continuity planning, no matter how unlikely these events might seem. When it comes to business continuity, it is better to be overprepared than taken by surprise when disaster strikes.

When planning for and addressing ESG risks, the business continuity and risk management functions need to collaborate closely with the organization’s ESG and sustainability leaders. These colleagues can offer nuanced insight into the most common ESG risks and their effects, as well as identify threats that other professionals may not recognize. They also have a deeper perspective on the organization’s overall ESG positioning and can provide information on governance and other ESG risks as sustainability regulations continue to evolve. For that collaboration to happen, everyone in the organization needs to be aligned on the importance of ESG and the materiality of ESG risks. That requires a shift in understanding of ESG as a whole.

The Evolution of ESG Perspectives

The tendency of business continuity professionals to overlook ESG risks reflects the overarching attitudes of a business community that has traditionally ignored ESG issues—but those attitudes are starting to change.

According to BDO’s 2023 CFO Outlook Survey, most CFOs see ESG as a compliance play. However, many companies report they are further along in their ESG journey, with 21% saying they are already working to integrate ESG into their business strategy and 12% reporting they have a mature ESG program embedded into their business model.

At the same time, there is still a lot of headway to be made. Only 19% of CFOs see ESG as a significant risk in 2023, making it the lowest-rated risk in the survey. BDO’s 2023 Board Pulse Survey found that just 1% of board members think ESG matters pose a significant risk to their business this year. These figures make clear that ESG awareness is in its early stages.

Many business leaders mistakenly assume that they do not need to address ESG risk considerations until government regulations require it. In reality, one of the primary drivers for ESG adoption is the market. Investors are already demanding more visibility into ESG commitments before making investment decisions. According to BDO’s Spring 2023 Private Capital Pulse Survey, over 80% of private equity fund managers and operating partners have rejected an investment opportunity because of ESG concerns. While most companies are seeing ESG as an element of compliance, they will need to pivot quickly to satisfy priorities and requests for ESG information from investors and customers alike.

That said, the regulatory environment is also a key factor in managing ESG risk. The regulatory landscape will likely follow the shift already underway in the markets toward ESG as an integral component of good business practices. For example, the U.S. Securities and Exchange Commission (SEC) has been introducing new ESG-related proposals, including new climate disclosure rules expected to be finalized later in 2023.

Currently, when discussing ESG, the focus has largely been on climate risk. However, climate risk is only one component of ESG. As ESG considerations gain greater attention from business leaders, awareness around the larger universe of ESG risk will increase as well. For example, one in three board members sees the talent shortage as a significant risk to their business. Human capital management risks will increasingly gain attention in business continuity planning and overall enterprise risk assessments.

The following are examples of ESG risks businesses should consider:

[Figure: Examples of ESG risks]

The Path Forward for Risk Leaders

As ESG continues to gain importance across virtually all areas of the business community, it is no longer enough for businesses to simply check the compliance box for ESG issues. Businesses must fully integrate ESG into their overarching business strategies as well as their continuity planning. Risk and business continuity professionals have an important role to play in this mission. The following are four steps risk and business continuity leaders should take in response to ESG’s evolving significance:

  1. Shift your understanding. Sustainability and continuity are different sides of the same coin. To maintain continuity, you must build sustainability into an organization’s business plan—it is not optional.
  2. Rethink your role. Become an active supporter of your company’s ESG program. In addition, solicit input from ESG leaders when conducting business continuity exercises to ensure that you are properly accounting for ESG risks.
  3. Conduct a self-assessment. Make sure you understand what is going on in the business with regard to ESG. As part of the assessment, look for duplicative efforts and ask the question: Are there ways the ESG, business continuity and enterprise risk functions can collaborate and align efforts?
  4. Grow your programs together. ESG, enterprise risk and business continuity programs should not exist in a vacuum. For these programs to achieve their full potential, their respective leaders need to work together to ensure strategy alignment. Seize the opportunity to initiate these relationships and find practical, actionable ways to collaborate.

ESG is more than just a compliance play or a brand-boosting tactic. It is an integral part of running a sound business. Simply put, ESG makes good business sense. By thoroughly planning and accounting for ESG risks, risk and business continuity leaders can improve their organization’s business continuity planning and promote better business performance.


Karen Baum is the sustainability and ESG advisory services leader at BDO USA, P.C. She works with investors, lenders, and public and private companies to design sustainability solutions for organizations at all stages of their ESG strategy implementation.